Space based authentication utilizing signals from low and medium earth orbit

ABSTRACT

A system and methods for location-based authentication using medium earth orbit (MEO) and low earth orbit (LEO) satellites are presented. Location of a client device is authenticated based on at least one client received MEO satellite signal received from at least one MEO satellite at the client device and at least one client received LEO satellite signal received from at least one LEO satellite at the client device.

FIELD

Embodiments of the present disclosure relate generally to cyber andnetwork security. More particularly, embodiments of the presentdisclosure relate to satellite systems for location-basedauthentication.

BACKGROUND

A significant fraction of power of satellites signals such as a GlobalNavigation Satellite System (GNSS) signal may be lost in urban andindoor environments where satellites signals are frequently blocked.Blocking satellite signals weakens coverage in urban and indoorenvironments, and loss of power degrades performance in lowsignal-to-noise ratio (SNR) environments. Degraded performance in lowSNR environments may prevent or minimize an ability of an authenticationsystem to validate that a position computation or an assertion based ona position is bona fide.

SUMMARY

A system and methods for location-based authentication using mediumearth orbit (MEO) and low earth orbit (LEO) satellites are presented. Alikelihood that a client device is at a location is estimated based onat least one client received MEO satellite signal received from at leastone MEO satellite at the client device and at least one client receivedLEO satellite signal received from at least one LEO satellite at theclient device. A client MEO signal signature is received comprisingsamples over an MEO signature time period of a signal received from anMEO satellite. A server MEO signal signature is constructed comprisingsamples over the MEO signature time period of a signal received from theMEO satellite. A client LEO signal signature is received comprisingsamples over an LEO signature time period of a signal received from anLEO satellite. A server LEO signal signature is constructed comprisingsamples over the LEO signature time period of a signal of the LEOsatellite. A location of a client device is authenticated based on acomparison of the client MEO signal signature and the server MEO signalsignature, and a comparison of the client LEO signal signature and theserver LEO signal signature.

In this manner, embodiments of the disclosure provide protection againstspoofing and counterfeiting such as proximate and offshore attacks, andstrong coverage in urban and indoor environments where satellitessignals are frequently blocked.

In an embodiment, a method for location-based authentication usingmedium earth orbit (MEO) and low earth orbit (LEO) satellites receives aclient MEO signal signature comprising samples over an MEO signaturetime period of a client received MEO satellite signal received from anMEO satellite. The method further constructs a server MEO signalsignature comprising samples over the MEO signature time period of aserver received MEO satellite signal received from the MEO satellite.The method further compares the client MEO signal signature and theserver MEO signal signature to provide an MEO comparison result. Themethod further receives a client LEO signal signature comprising samplesover an LEO signature time period of a client received LEO satellitesignal received from an LEO satellite. The method further constructs aserver LEO signal signature comprising samples over the LEO signaturetime period of at least one server LEO satellite signal received fromthe LEO satellite. The method further compares the client LEO signalsignature and the server LEO signal signature to provide an LEOcomparison result. The method further authenticates a location of aclient device based on the MEO comparison result and the LEO comparisonresult.

In another embodiment, a location-based authentication system usingmedium earth orbit (MEO) and low earth orbit (LEO) satellites comprisesan authentication module that authenticates that a client device is at alocation based on a client received MEO satellite signal received froman MEO satellite at the client device and a client received LEOsatellite signal received from an LEO satellite at the client device.

In a further embodiment, a non-transitory computer readable storagemedium comprises computer-executable instructions for clientlocation-based authentication that receive an MEO satellite signal froman MEO satellite at a client device to provide a client received MEOsatellite signal. The computer-executable instructions further receivean LEO satellite signal from an LEO satellite at the client device toprovide a client received LEO satellite signal. The computer-executableinstructions further construct a client MEO signal signature comprisingsamples over an MEO signature time period of the client received MEOsatellite signal. The computer-executable instructions further constructa client LEO signal signature comprising samples over an LEO signaturetime period of the client received LEO satellite signal. Thecomputer-executable instructions further transmits the client MEO signalsignature, the client LEO signal signature, samples over the MEOsignature time period, and samples over the LEO signature time period toa server for authentication of a location of the client device.

This summary is provided to introduce a selection of concepts in asimplified form that are further described below in the detaileddescription. This summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used as an aid in determining the scope of the claimed subjectmatter.

BRIEF DESCRIPTION OF DRAWINGS

A more complete understanding of embodiments of the present disclosuremay be derived by referring to the detailed description and claims whenconsidered in conjunction with the following figures, wherein likereference numbers refer to similar elements throughout the figures. Thefigures are provided to facilitate understanding of the disclosurewithout limiting the breadth, scope, scale, or applicability of thedisclosure. The drawings are not necessarily made to scale.

FIG. 1 is an illustration of an exemplary wireless communication systemfor authenticating an asserted location according to an embodiment ofthe disclosure.

FIG. 2 is an illustration of an exemplary simplified functional blockdiagram of a navigation satellite receiver.

FIG. 3 is an illustration of an exemplary wireless communicationenvironment showing ways in which indoor and downtown environments canblock navigation satellite signals.

FIG. 4 is an illustration of an exemplary diagram showing a signalstructure of a navigation satellite in medium earth orbit (MEO).

FIG. 5 is an illustration of an exemplary diagram showing line of sightvectors of an MEO satellite (GPS) and a low earth orbit (LEO) satellite(Iridium™) over a city.

FIG. 6 is an illustration of an exemplary diagram showing anauthentication system based on signals from MEO, LEO and terrestrialsources according to an embodiment of the disclosure.

FIG. 7 is an illustration of an exemplary diagram showing antenna beamswithin one Iridium™ satellite footprint.

FIG. 8 is an illustration of an exemplary diagram showingsignal-to-noise ratio (C/N₀) vs. time for four antenna beams from anIridium™ satellite.

FIG. 9 is an illustration of an exemplary diagram showing a proximatesignature counterfeiting attack that can be performed by a signaturecounterfeiter.

FIG. 10 is an illustration of an exemplary diagram showing defeating aproximate signature counterfeiting attack using MEO satellite signalsaccording to an embodiment of the disclosure.

FIG. 11 is an illustration of an exemplary functional block diagram of asimulation system for an offshore signature counterfeiting attack thatcan be activated by a signature counterfeiter.

FIG. 12 is an illustration of an exemplary functional block diagram ofthe simulation system for an offshore signature counterfeiting attackshown in FIG. 10 showing how the offshore signature counterfeitingattack is defeated using LEO satellite signals according to anembodiment of the disclosure.

FIG. 13 is an illustration of an exemplary functional block diagram of asimulation system for a hybrid attack signature counterfeiting based onproximate signal capture and offshore processing that can be activatedby a signature counterfeiter.

FIG. 14 is an illustration of an exemplary functional block diagram of aspace-based authentication system according to an embodiment of thedisclosure.

FIG. 15 is an illustration of an exemplary flowchart showing alocation-based authentication process according to an embodiment of thedisclosure.

FIG. 16 is an illustration of an exemplary flowchart showing a clientlocation-based authentication process according to an embodiment of thedisclosure.

DETAILED DESCRIPTION

The following detailed description is exemplary in nature and is notintended to limit the disclosure or the application and uses of theembodiments of the disclosure. Descriptions of specific devices,techniques, and applications are provided only as examples.Modifications to the examples described herein will be readily apparentto those of ordinary skill in the art, and the general principlesdefined herein may be applied to other examples and applications withoutdeparting from the spirit and scope of the disclosure. Furthermore,there is no intention to be bound by any expressed or implied theorypresented in the preceding field, background, summary or the followingdetailed description. The present disclosure should be accorded scopeconsistent with the claims, and not limited to the examples describedand shown herein.

Embodiments of the disclosure may be described herein in terms offunctional and/or logical block components and various processing steps.It should be appreciated that such block components may be realized byany number of hardware, software, and/or firmware components configuredto perform the specified functions. For the sake of brevity,conventional techniques and components related to communication systems,network protocols, global positioning systems, satellites, and otherfunctional aspects of the systems (and the individual operatingcomponents of the systems) may not be described in detail herein.

Embodiments of the disclosure are described herein in the context of anon-limiting application, namely, an authentication system for a mobilephone application. Embodiments of the disclosure, however, are notlimited to such mobile phone applications, and the techniques describedherein may also be utilized in other applications. For example,embodiments may be applicable to a desktop computer, a laptop ornotebook computer, an iPod™, an iPad™, a cell phone, a personal digitalassistant (PDA), a mainframe, a server, a router, an internet protocol(IP) node, a server, a Wi-Fi node, a client, or any other type ofspecial or general purpose computing device as may be desirable orappropriate for a given application or environment.

As would be apparent to one of ordinary skill in the art after readingthis description, the following are examples and embodiments of thedisclosure and are not limited to operating in accordance with theseexamples. Other embodiments may be utilized and changes may be madewithout departing from the scope of the exemplary embodiments of thepresent disclosure.

Embodiments of the disclosure provide an authentication system thatprovides adequate received signal strength for a satellite signal to bereceived at a client device (client) which may be located in a lowsignal-to-noise-ratio (SNR) environment such as indoors in a citybuilding. In one embodiment signals from satellites in low earth orbit(LEO) and medium earth orbit (MEO) are combined. In another embodiment,the MEO and/or LEO satellite signals are augmented by coded signals fromterrestrial sources.

By combining the LEO and MEO signals, embodiments overcome likelyattempts to counterfeit a digital signature from the client. Two exampleattack strategies that may be used by counterfeiters comprise: aproximate attack and an offshore attack. Compared to existing solutions,embodiments of the disclosure provide a more secure authenticationsystem due to greatly increasing a cost and a complexity of acounterfeiting attack. For an example, embodiments of the disclosure canforce a proximate attacker to deploy attack receivers within tens ofmeters of a victim location. For another example, embodiments of thedisclosure can force an offshore attacker to deploy complicatedreceivers within tens of kilometers (or even hundreds of meters) of thevictim location.

Moreover, an embodiment requires that a digital signature contain codesfrom two overlapping antenna beams. By so doing, the embodiment canforce an offshore attacker to be within tens of kilometers of the victimlocation. If a transaction is of high value, then the authenticationserver may ask for a second signature taken at a time when two beamsoverlap over an asserted location. Such overlap situations can arisewithin a few tens of seconds.

In other embodiments, terrestrial sources of secure/secret signaturesare used in conjunction with MEO and LEO satellite signals. A coverageground antenna footprint of ground transmitters can be very small(hundreds of meters) and so force an attack receiver to be very close tothe victim location.

FIG. 1 is an illustration of an exemplary wireless communication system100 (system 100) for authenticating an asserted location based onsatellite signals according to an embodiment of the disclosure. Thesystem 100 may comprise MEO satellites 102, 104 and 106, orbiting in amedium earth orbit (MEO) 108, LEO satellites 110, 112 and 114, orbitingin a low earth orbit (LEO) 116, an optional terrestrial broadcaststation 122 (terrestrial source 122), a client 126 comprising asatellite receiver 200, an authentication server 128 comprising asatellite receiver 200, and a host network 194.

In one embodiment, an MEO satellite signal 118 from at least one of theMEO satellites 102, 104, and 106 in MEO 108 and an LEO satellite signal120 from at least one of the LEO satellites 110, 112 and 114 in LEO 116are combined.

In another embodiment, the MEO satellite signal 118 from at least one ofthe MEO satellites 102-106 in the MEO 108 and the LEO satellite signal120 from at least one of the LEO satellites 110-114 in LEO 116 areaugmented by coded terrestrial signals 160 from the terrestrial source122.

The LEO satellites 110-114 may comprise, for example but withoutlimitation, satellites from the Iridium™, Iridium™ NEXT, GlobalStarconstellations, or other satellite that may be utilized for position,navigation, or timing related applications.

The MEO satellites 102-106 may comprise, for example but withoutlimitation, a Global Navigation Satellite System (GNSS) satellite, aGlobal Positioning System (GPS™) satellite, a Globalnaya NavigatsionnayaSputnikovaya Sistema (GLONASS™) satellite, a BeiDou Navigation System(COMPASS™) satellite, a Galileo™ satellite, or other satellite that maybe utilized for position, navigation, or timing related applications.

The terrestrial source 122 may comprise a cell phone base station, awireless or wired access point, or other terrestrial source.

The MEO satellite signal 118 from the MEO satellite 102 can be processedat the client receiver module 200 of the client 126 to determinelocation 130, velocity and time of the client 126. The LEO satellitesignal 120 from the LEO satellite 110 (e.g., Transit SatelliteNavigation) can also be processed to yield estimates of location 130,velocity and time of the client 126.

The location 130 of the client 126 may be estimated using measurementsmade available from the MEO satellite signal 118 from at least one ofthe MEO satellites 102-106 and the LEO satellite signal 120 from atleast one of the LEO satellites 110-114. The estimates of the location130 are based on a minimum set of signal sources. System 100 applies tosimilar systems with a few MEO satellites plus a few LEO satellites,with or without a high quality user clock. Any suitable mathematicaltechnique may be used to estimate the location 130 based on, forexample, a minimum set of signal sources.

System 100 enables space-based authentication indoors and downtown.System 100 is configured to work with sparse sets of visible satellites;one MEO satellite 102 and one LEO satellite 110 are sufficient. If oneMEO satellite 102 and one LEO satellite 110 are visible, then the system100 is capable of instantaneously estimating and authenticating locationin two dimensions if a third dimension (e.g., altitude) is known and theuser equipment has a clock with adequate accuracy.

The client 126 (client device 126) may comprise the satellite receiver200 (client receiver module 200), and a client signature module 170. Theclient 126 is configured to track and locate the client 126 based onreceiving at least one of the MEO satellite signal 118 and/or the LEOsatellite signal 120 via a client antenna 198 as explained above.

The client receiver module 200 is configured to receive at least one MEOsatellite signal 118 from at least one MEO satellite 102 at the client126 to provide at least one client received MEO satellite signal 146.The client receiver module 200 is also configured to receive at leastone terrestrial signal 160 from at least one terrestrial source 122 atthe client device 126 to provide at least one client receivedterrestrial signal 162. The client receiver module 200 is alsoconfigured to receive at least one LEO satellite signal 120 from atleast one LEO satellite 110 at the client device 126 to provide at leastone client received LEO satellite signal 158.

The client signature module 170 is configured to construct a client MEOsignal signature 164 comprising samples over an MEO signature timeperiod of at least one client received MEO satellite signal 146. Theclient signature module 170 is also configured to construct a client LEOsignal signature 166 comprising samples over an LEO signature timeperiod of at least one client received LEO satellite signal 158. Theclient signature module 170 is also configured to construct a clientterrestrial signal signature 168 comprising a client terrestrial timewindow of at least one client received terrestrial signal 162. Theclient received MEO satellite signals 146, the client received LEOsatellite signal 158, and the client received terrestrial signal 162 maybe collectively referred to as client received signals 146, 158, 162herein. Also, the client MEO signal signature 164, the client LEO signalsignature 166, and the client terrestrial signal signature 168 may becollectively referred to as signature signals 164, 166 and 168, a clientsignature set 190, or location signatures 190 herein.

Data transmission of the client terrestrial signal signature 168 fromthe the client device 126 to the authentication server 128 may be sentin a single wideband signature from the client or in a plurality ofseparate data packets. At least one terrestrial source 122 may also senda single or multiple data transmissions to the authentication server128.

The client 126 may support many consumer applications. For example, manyfinancial transactions utilize cell phones as the client 126 indoors ina city building. The client 126 may comprise, wired or wirelesscommunication devices such as, but without limitation, a desktopcomputer, a laptop or notebook computer, an iPod™, an iPad™, a cellphone, a personal digital assistant (PDA), a mainframe, a server, arouter, an internet protocol (IP) node, a server, a Wi-Fi node, or anyother type of special or general purpose computing device that comprisesthe satellite receiver 200 capable of receiving the client received MEOsatellite signal 146, and as may be desirable and appropriate for agiven application or environment.

The authentication server 128 is configured to receive or estimate thesignature signals 164, 166 and 168 (client signature set 190) for thelocation 130. The authentication server 128 may receive the clientsignature set 190 via a wired communication link 136, a wirelesscommunication channel 138, a combination thereof, or estimate the clientsignature set locally at the authentication server 128. Theauthentication server 128 may comprise the satellite receiver 200(server receiver module 200), a server client data module 172, a serverdata module 174, a correlation module 152, and an authentication module154.

The server receiver module 200 may also be configured to receive atleast one MEO satellite signal 118 at the authentication server 128(server device 128) to provide at least one server received MEOsatellite signal 156. The server receiver module 200 is also configuredto receive at least one LEO satellite signal 120 at the server device128 to provide the at least one server LEO satellite signal 148. Theserver receiver module 200 may also be configured to receive at leastone terrestrial signal 160 at the server device 128 to provide the atleast one server received terrestrial signal 196. The server LEOsatellite signal 148, the server received MEO satellite signal 156, andthe server received terrestrial signal 196 may be collectively referredto as server received signals 148, 156, 196 herein.

The client received LEO satellite signal 158 may comprise two clientreceived LEO satellite signals (e.g., overlap area 712 FIG. 7) receivedfrom two of the LEO satellites 110 and 112. The server LEO satellitesignal 148 may comprise two server received LEO satellite signals (e.g.,overlap area 712 FIG. 7) from the two of the LEO satellites 110 and 112.

The server client data module 172 is configured to receive the clientMEO signal signature 164 comprising samples over an MEO signature timeperiod of at least one client received MEO satellite signal 146 receivedfrom at least one of the MEO satellites 102-106. The server client datamodule 172 is also configured to receive a client LEO signal signature166 comprising samples over an LEO signature time period of at least oneclient received LEO satellite signal 158 received from at least one LEOsatellite 110. The server client data module 172 may also be configuredto receive a signal signature 168 comprising a time window of at leastone client received terrestrial signal 162 received from at least oneterrestrial source 122.

The server data module 174 is configured to construct a server MEOsignal signature 176 comprising samples over the MEO signature timeperiod of at least one server received MEO satellite signal 156 receivedfrom at least one MEO satellite 102. The server data module 174 is alsoconfigured to construct a server LEO signal signature 178 comprisingsamples over the LEO signature time period of at least one server LEOsatellite signal 148 of at least one LEO satellite 110. The at least oneserver LEO satellite signal 148 may be transmitted to or received fromthe at least one LEO satellite 110. The server data module 174 may alsobe configured to construct a server terrestrial signal signature 180comprising the client terrestrial time window of at least one serverreceived terrestrial signal 196 received from at least one terrestrialsource 122. The server data module 174 may be operable to function withvarious types of satellite signals (e.g., from Iridium—LEO, MEOsatellites, etc.), and various numbers of the server data module 174 maybe used. For example, there may be separate server data modules 174 foreach signal type received.

The correlation module 152 (comparison module 152) is configured tocompare the client MEO signal signature 164 and the server MEO signalsignature 176 to provide an MEO comparison result 182. The correlationmodule 152 is also configured to compare the client LEO signal signature166 and the server LEO signal signature 178 to provide an LEO comparisonresult 184. In an embodiment, the correlation module 152 may also beconfigured to compare the client terrestrial signal signature 168 andthe server terrestrial signal signature 180 to provide a terrestrialcomparison result 186.

The authentication module 154 is configured to authenticate the location130 of the client device 126 based on the MEO comparison result 182 andthe LEO comparison result 184. In one embodiment, the authenticationmodule 154 is configured to authenticate the location 130 of the clientdevice 126 based on the MEO comparison result 182, the LEO comparisonresult 184, and the terrestrial comparison result 186. Theauthentication module 154 is also configured to generate anauthentication message 124 indicating an authentication decision. In atleast one embodiment, the authentication module 154 may be configured togenerate an authentication message 124 that may be used by anothermodule to make the authentication decision and may further assist incarrying out the appropriate action associated with that decision whichmay comprise, without limitation, granting the client device 126 accessto a protected resource and rejecting the client device 126 access to aprotected resource.

In at least one embodiment, the authentication module 154 used to makethe authentication is a part of a same authentication system 100. In atleast one other embodiment, the authentication module 154 used to makethe authentication is a part of a host network 194 separate from theauthentication server 128, for example, where an authentication serviceis provided to the host network 194.

The host network 194 may comprise, for example but without limitation, abank, an e-commerce system, a financial institution, or other system.For example, an authentication response in the host network 194 may beresponsible for managing policies such as authentication decisionpolicies. The authentication response may comprise a position estimateand a covariance and the host network 194 may uses its decision policiesto determine if the client device 126 is within defined thresholds forauthentication or whether authentication should be rejected. The hostnetwork 194 may also take other authentication/authorization informationinto account prior to providing/restricting access to a protectedresource.

An attacker may attempt to spoof the satellite signals such that theclient 126 senses and/or reports a false position 132. Spoofing may beof general concern because networked systems are increasingly being usedto support location transactions that have financial value orsafety-of-life implications.

System 100 overcomes likely attempts to counterfeit a signature set fromthe client 126 by utilizing secure/secret codes broadcast by the LEOsatellites 110-114, the MEO satellites 102-106 and the terrestrialsource(s) 122 as explained in more detail below in the context ofdiscussion of FIGS. 4 and 6 below. In this manner, system 100 fends offsophisticated attempts to counterfeit the signature set in the proximateand offshore attacks. The term secure/secret codes may be used in thisdocument to refer to codes that are used to make information selectivelyaccessible.

Compared to existing systems, system 100 provides better indoor anddowntown coverage, because the authentication message 124 can beproduced based on one LEO satellite signal and one MEO satellite signalas explained in more detail in the context of discussion of FIG. 5below.

Many financial transactions utilize mobile devices such as cell phonesor laptops such as the client 126 indoors or downtown. Such financialtransactions may occur on platforms that are low cost and operating inobstructed signal environments. Two criteria may be important to adesign of such a cost-effective satellite-based authentication system.First, data should be available from the satellite receiver 200 includedin the cell phone. Second, the satellite-based authentication systemshould operate with the client received signals 146, 158, and 168 thatare expected where cell phone users congregate—indoors and downtown. Thefirst criterion is reflected in FIG. 2 that shows basic signalprocessing steps in the satellite receiver 200. The second criterion fora satellite-based authentication system is depicted in FIG. 3.

FIG. 2 is an illustration of an exemplary simplified functional blockdiagram of the satellite receiver 200 shown in FIG. 1. The satellitereceiver 200 may comprise satellite receiver elements widely used forestimating location from global navigation satellites systems. Thesatellite receiver 200 shown in FIG. 1 may use existing satellitereceiver architecture to utilize existing infrastructure and receivers,thereby not adding significant complexity to a receiver. The satellitereceiver 200 may comprise, for example but without limitation, an LEOsatellite receiver, an MEO satellite receiver, or other receiver. FIG. 2is an exemplary simplified function block diagram of a satellitereceiver widely used for estimating location from global navigationsatellites systems. The satellite receiver 200 shown in FIG. 1 makes useof an architecture of the satellite receiver in large extent, withoutadding appreciable complexity to receivers represented by FIG. 2.

As shown in FIG. 2, the satellite receiver 200 (client receiver module200) receives radio frequency signals such as the client received MEOsatellite signal 146, and the client received LEO satellite signal 158at the client antenna 198. The satellite receiver 200 then demodulatesthe client received MEO satellite signal 146, and the client receivedLEO satellite signal 158 from the MEO satellite signal 118 and the LEOsatellite signal 120 received at the client 126 respectively. Thesatellite receiver 200 demodulates the client received MEO satellitesignal 146, and the client received LEO satellite signal 158 by downconverting the client received MEO satellite signal 146, and the clientreceived LEO satellite signal 158 from radio frequency (RF) to anintermediate frequency (IF) or baseband by the down convertor 202 andband pass filtering the down converted client received signals 218 bythe band pass filter 204.

The satellite receiver 200 then converts low pass or band pass filteredclient received signals 220 from analog signals to digital signals by ananalog to digital converter (ADC) 206 to provide digital client receivedsignals 222. The satellite receiver 200 then removes a C/A code from thedigital client received signals 222 by a code wipe-off 210. Thesatellite receiver 200 may then remove the in-phase carrier 402 from thedigital client received signals 222 by a carrier wipe-off 212. Code andcarrier wipe-off is generally used in consumer receivers similar that ofFIG. 2, but code and carrier wipe-off may or may not occur in receiver200.

The satellite receiver 200 then correlates the digital client receivedsignals 222 with respective replicas of the digital client receivedsignals 222 at the client 126 using a correlation module 214 to estimatean estimated pseudo-range for each satellite in view. The estimatedpseudo-range for each satellite in view are then used to estimate thelocation 130, a velocity and a time offset of the client 126 at anoutput 216. The location 130 can be computed using one LEO satellite andone MEO satellite as explained above.

FIG. 3 is an illustration of an exemplary wireless communicationenvironment (environment 300) showing ways in which indoor and downtownenvironments can block navigation satellite signals. A nominal receivedsignal strength 304 of the received GPS signal may be, for example,approximately −130 dBm (or 10E-16 Watts). The satellite receiver 200under open sky can expect the nominal received signal strength 304.However, the client 126 such as a cell phone may operate indoors in acity building where an attenuated received signal strength 302 drops to−140 dBm or −160 dBm or even weaker. Thus, the authentication server 128may be capable of operating at these lower levels of the attenuatedreceived signal strength 302.

FIG. 4 is an illustration of an exemplary diagram 400 showing a signalstructure 400 broadcast by an MEO satellite. The MEO satellite signal118 comprises a signal 402 at frequency L1, which is used as a carrier(in-phase carrier 402) to modulate the navigation message 410 that ismodulated with a Code Division Multiple Access (CDMA) code 406, commonlyreferred to as a “Coarse/Acquisition” (C/A) code. For a GPS system, theC/A code may be variously known as “Coarse/Acquisition”, “Clear/Access”,and “Civil/Access”. The MEO satellite signal 118 transmits at least oneother signal employing the same carrier frequency that is shifted 90degrees (quadrature signal 404). For GPS, the quadrature signal 404 ismodulated by another code, known as an encrypted “P(Y)” code 408. TheP(Y) code 408 is either a “precision” (P) code, which is publicly known(known (P) code), or an encrypted “Y” code (unknown code (Y). GNSSsatellites use an unknown code and, consequently, a resultingtransmitted signal that is encoded with the unknown code cannot be usedby anyone other than those who have a decryption algorithm and key forthe unknown code.

The navigation message 410 modulates both the known and unknown codesbroadcast by the MEO satellites 102-106. The navigation messages 410comprise information such as location and time of the MEO satellite 102coarse location of the other MEO satellites 104, 106, and otherinformation. The navigation messages 410 modulates both the known codeand the unknown code broadcast by for example the MEO satellites 102,via the MEO satellite signal 118. For GNSS, the navigation messages 410are broadcast at 50 to 1000 bit per second (bps), and are thus distinctfrom spread spectrum codes that also modulate the MEO satellite signal118 from the MEO satellite 102. The navigation messages 410 vary slowlyat 50-1000 bit per second compared to the underlying spectrum-spreadingcodes at 1.023 Mcps (C/A code) or 10.023 Mcps (Y code).

The C/A code is publicly known and, consequently, the satellite receiver200 may be subject to a spoofing signal. A hostile party can generate afacsimile of one or more satellite signals that carry incorrectinformation. An existing satellite receiver at an existing client thataccepts the spoofing signal may compute an incorrect position, and maybe caused to compute a position that the hostile party wishes to havethe existing satellite receiver compute.

FIG. 5 is an illustration of an exemplary diagram showing line of sightvectors 500 of MEO satellites 102-106 (e.g., GPS) and LEO satellites110-114 (e.g., Iridium™) over a city. As explained above, compared toexisting solutions, the system 100 offers better indoor and downtowncoverage, because an authenticity decision can be made on a basis ofonly one LEO satellite and one MEO satellite. FIG. 5 shows line-of-sightvectors 502 of 11 GPS satellites from the MEO 108 and line-of-sightvectors 504 from two LEO satellites from the LEO 116. The line-of-sightvectors 504 from the LEO satellite signal 120 of two LEO satellites 110and 112 are shown as a fan, because Iridium™ satellites move over muchof a sky area in, for example, an approximately 200 second window asshown in FIG. 5.

One of the line-of-sight vectors 504 from the two LEO satellites 110 and112 is likely to be visible to the client 126, because the LEO satellitesignal 120 has much higher received power than the MEO satellite signal118 by virtue of a lower altitude of the LEO satellite signal 120. Areceived signal strength from the LEO satellites 110 and 112 may be, forexample, approximately 30 to 40 dB more powerful than a received signalstrength from the MEO satellites 102-106.

In addition, at least one of the 11 line-of-sight vectors 502 from theMEO 108 may be visible to the client 126, because many navigationsatellites are in the MEO 108. One or more of the MEO satellites 102-106may be visible through a window in a building. Furthermore, one or moreMEO satellite signal 118 of the of the MEO satellites 102-106 may bestrong enough to propagate through a wall or roof.

Compared to the existing systems, the system 100 significantly improvesthe indoor and downtown coverage of space-based authentication. Inaddition, system 100 provides a possibility of using a secure/secretsignature broadcast by the terrestrial source 122, which may furtherstrengthen an authentication process in severe signal environments.

In addition, system 100 can overcome likely attempts to counterfeit thesignature set 190 from the client 126, because secure/secret codes fromeither MEO or LEO are not known in advance. In addition, system 100 isalso effective against attackers that may try to co-observe thesecure/secret codes and broadcast a modified counterfeit in real-time.Two real-time attack strategies that could be used by counterfeiters areconsidered herein: the proximate attack and the offshore attack asexplained in more detail below.

The proximate attack places a receiver close to a victim location. Theproximate attack may not require expensive equipment, but an attackingreceiver must be close to a victim location so that the attackingreceiver captures substantially a same signal signature. System 100 mayovercome a proximate attack by utilizing high precision ranging signalssuch as high precision ranging signals generally broadcast from GNSSsatellites in MEO 108. The high precision ranging signals support aninstantaneous accuracy of approximately ten meters; thus, by using thehigh precision ranging signals, embodiments of the disclosure force anattack receiver to be very close to the victim location. At shortdistances, the attack receiver may be conspicuous and substantially moreeasily detectable than at a long distance.

Counterfeiters may also attempt a so-called offshore attack in real-timeor near real-time. In this case, an attacker processes received signalsto build a digital signature that should be received at a remotelocation. The offshore attack differs from the proximate attack, becausethe attacker may use more complex signal processing to reduce a numberof proximate attack receivers. System 100 overcomes the offshore attackby utilizing LEO satellite signals 120 that have smaller (small) groundantenna footprints 702 (antenna beam footprints 702) (FIG. 7) relativeto antenna footprints of MEO satellites. For example, Iridium™satellites have antenna footprints of only a few hundred kilometers, anda secure/secret code 602 (FIG. 6) may be used which could be unique toeach of the small ground antenna footprints 702 (antenna beam footprints702). Thus, the offshore attacker can be forced to be within a diameterof the small ground antenna footprints 702. Moreover, an embodiment mayrequire that a signature contain the secure/secret code(s) 602 from twooverlapping small ground antenna footprints 702 (FIG. 7).

FIG. 6 is an illustration of an exemplary diagram showing anauthentication system based on signals from MEO, LEO and terrestrialsources according to an embodiment of the disclosure. System 600utilizes secure/secret codes (e.g., beam-specific keys for thesatellite(s) and terrestrial key for the pseudo-satellite(s)) broadcastby the LEO satellite 110 and the MEO satellite 102 and the terrestrialsource 122.

The MEO measurements are authenticated by the secure/secret codes 408associated with most of the Global Navigation Satellite Systems (e.g., Yor M codes within GPS or Public Regulated Service within Galileo. Theclient 126 collects a radio frequency or intermediate frequency (RF orIF) signature (client MEO signal signature 164) and sends this signatureto the authentication server 128. This signature may be accompanied withan asserted location of the location 130, and/or an associated request.The authentication server 128 correlates these snapshots with thesecure/secret codes received at another location. The authenticationserver 128 ascertains that the secure/secret codes 408 within the clientsignature set 190 have the correct time delay relative to the publiccodes 406. Alternatively, the authentication server 128 determines thatthe location 130 of the client 126 based on the client signature set 190is approximately equal to the asserted client location.

As shown in FIG. 6, the LEO satellite 110 also broadcasts secure/secretcodes 602. Once again, the client 126 collects RF and/or IF snapshots(client LEO signal signature 166) and sends them to the authenticationserver 128 for correlation and validation. In one embodiment, the MEOsecure/secret code 408 and the LEO secure/secret code 602 are containedin a single wideband signature such as the signature set 190 from theclient 126.

In one embodiment, secure/secret codes 604 from the server terrestrialsignal 196 of the terrestrial sources 122 are used. These secure/secretcodes 604 are particularly important in signal environments that blocksatellite signals and when offshore attackers are likely. If the serverterrestrial signal 196 is in an adjacent frequency bands, then theirsignature could also be contained in the LEO/MEO signature of thesignature set 190. If not, all three signals (LEO, MEO and terrestrial)could be converted to a common intermediate frequency and thus containedin a common signature in the signature set.

In some embodiments, the codes 604 from the server terrestrial signal196 of the terrestrial sources 122 may not be secure/secret. By virtueof their coverage area, the codes 604 that are not secure/secret may addan additional obstacle to an electromagnetic attacker without anembedded secure/secret code.

While aspects of correlation processing are similar, several importantdifferences exist between the LEO and MEO signatures. For example, LEOsatellite signals 120 are much more powerful than MEO satellite signals118, because the LEO satellites 110-114 are closer to the earth.However, the MEO satellite signals 118 tend to be more plentiful for anygiven receiver, because the MEO satellites 102-106 are at higheraltitudes and thus more widely visible. As mentioned earlier, theseproperties are complementary. The client signature set 190 is likely tocontain at least one LEO satellite signal 120 and one MEO satellitesignal 118, because the signals are powerful and plentiful respectively.

For another example of differences in the LEO and MEO signatures, theclient 126 may be a transceiver, and is able to receive and send controlsignals to the LEO control segment. Thus, it can ask the authenticationserver 128 to commence transmission of the secure/secret code 602 fromthe LEO satellite 110. Alternatively, the authentication server 128 maycommand the client 126 to collect the RF snapshot at a specific time.

For another example of differences in the LEO and MEO signatures, thesecure/secret code 602 of the LEO satellite 110 can be transmitted onantenna beams to each of the antenna beam footprints 702 individuallywithin a satellite footprint 700. FIG. 7 shows typical antennafootprints for an Iridium™ satellite over North America.

FIG. 7 is an illustration of an exemplary diagram showing antenna beamfootprints 702 within one Iridium™ satellite footprint 700 (footprint700). FIG. 7 shows a typical footprint such as the Iridium™ footprint700 for an Iridium™ satellite over North America. The Iridium™ footprint700 almost covers North America; a diameter for the footprint 700 isapproximately 4000 km. However, the footprint 700 contains more thantwenty individual small ground antenna beam footprints 702 (antennabeams 702) that are also shown on FIG. 7. The antenna beam footprints702 near an edge 704 of the footprint 700 tend to be larger; their longaxis can be 500 km or more. Antenna beams 706 near the center 710 of thefootprint 700 can be quite small with diameters of 100 km or so. Sincethe overall footprint 700 passes overhead in eight to ten minutes, andeach of the antenna beam footprints 702 may pass individually overheadin 100 to 200 seconds. An overlap area 712 is generally substantiallysmaller than an area of one of the antenna beam footprints 702. FIG. 8shows the C/N₀ for four of the antenna beam footprints 702 individuallywhen received by a static client such as the client 126.

FIG. 8 is an illustration of an exemplary diagram 800 showingsignal-to-noise ratio (C/N₀) vs. time for four of the antenna beamfootprints 702 from Iridium™ satellite. FIG. 8 shows the C/N₀ curves802/804/806/808 for four of the antenna beams 702 individually whenreceived by a static client such as the client 126. The curves 802 and804 show C/N₀ for the antenna beams 702 that are in view forapproximately 200 seconds. The curves 806 and 808 show C/N₀ for antennabeams that only last approximately 100 seconds.

The secure/secret MEO codes 408 and LEO codes 602 can be used toauthenticate the putative location asserted by the client 126 via thesignature set 190, because secure/secret MEO codes 408 and LEO codes 602are difficult to predict. Thus, an attacker cannot readily obtain andstore the signature set 190 for use at an opportune time in the future.More importantly, the space-based authentication system 100 survives thepresence of sophisticated spoofers that are trying to counterfeit thesignatures in real-time.

By so doing, the system 100 forces the “offshore” attacker to be withintens of kilometers of the victim location. If the transaction is of highvalue, then the authentication server can simply ask for a secondsignature taken at a time when two beams overlap over the assertedlocation. These overlap situations can arise within, for example,approximately a few tens of seconds. The system 100 allows for theinclusion of terrestrial radio signals that carry a secure/secretsignature. In this case, the attack radius is reduced to the range ofthe terrestrial radio signal; this means that the attack receiver mayneed to be within a few hundred meters of the victim location.

In some embodiments, the system 100 allows for the inclusion ofterrestrial radio signals that carry a non-secure/secret signature. Inthis case, the attack radius can still be reduced to the range of theterrestrial radio signal in that the attack receiver may need to bewithin a few hundred meters of the victim location even to receive thenon-secure/secret signature. Such systems utilizing non-secure/secretsignature may utilize existing ground systems that may or may not have asecure/secret code in transmissions.

FIG. 9 is an illustration of an exemplary diagram 900 showing a means todefeat proximate signature counterfeiting attack that can be performedby a signature counterfeiter. As shown in FIG. 9, the attacker places areceiver 902 close to the location 130 to be attacked. The attackerwishes to generate a signature that is very similar to the signature set190 that would be collected at the location 130 under attack. To thisend, the attacker simply views the same set of satellites that the(authentic) client 126 would, and generates a counterfeit signature 904based on these observations. This counterfeit signature 904 is sent withthe asserted position fix to the authentication server 128. The attackmay be effective, because it is launched from a location 906 that isnear the asserted location of the location 130.

FIG. 10 is an illustration of an exemplary diagram showing a means todefeat a proximate signature counterfeiting attack using MEO signalsaccording to an embodiment of the disclosure. The MEO portion of thesystem 100 mitigates the proximate attack, because the MEO secure/secretcode 408 has high bandwidth. Therefore, the MEO secure/secret code 408is very precise and support high accuracy. For example, the Y codeaccuracy 1002 of GPS is generally better than 5 meters. Even in urbanand indoor environments, this accuracy is typically 50 meters or so.Hence, this MEO accuracy can resolve the attack location and the victimlocation unless the attacker is within 100 meters or so of the assertedlocation. In addition, the authentication server 128 can detect multipleattacks if they are all generated from a single attack location, forexample, the parking lot of a busy mall.

The offshore attack attempts to defeat a combine MEO signature and LEOsignature authentication with a sophisticated antenna, receiver andprocessing system. It differs sharply from the proximate attack. Theproximate attack places very simple equipment close to the user locationunder attack. As such, the proximate attack requires a large deploymenteffort. After all attack receivers must be placed in proximity to thelocation to be attacked so that the receiver can capture the satellitesignatures from that location. In contrast, the offshore attacker tradesprocessing complexity for proximity. It uses sophisticated signalprocessing so that it can attack from a distance. This signal processoris used to generate the signatures that would exist at the remotelocations under attack. The proximate attack must place a receiverwithin, for example, approximately 100 meters or so of the locationunder attack. In contrast, the offshore attack might place its antennaand signal-processing engine, for example, approximately 1000 km or morefrom the location under attack.

FIG. 11 is an illustration of an exemplary functional block diagram of asimulation system 1100 for an offshore signature counterfeiting attackthat can be activated by a signature counterfeiter. Many variationsexist, but this attack system can be broken into two pieces:satellite-specific processing 1102, and victim-specific processing 1110.

The satellite-specific processing 1102 is used to receive and separatethe signals from the different satellites in view of the offshoreattacker. Controlled radiation pattern antennas (CRPAs) 1104 may be usedto extract the individual satellite signals, but other techniques may beused by the off shore attacker. For example, Doppler shifts or W codeprocessing could be used to separate the satellite signals.

The controlled radiation pattern antenna (CRPA) 1104 can synthesizebeams that amplify and isolate the signals from the individual GNSSsatellites in view. These signals are processed in individual receiverfront ends 1106 that amplify, filter and down convert the signals. Thenthe signals are phase shifted by phase shifters 1108 to synthesize anindividual beam for each satellite in view of the offshore attackfacility. The phase shifting operation can be envisaged as a matrix withK rows and N columns, where K is the number of satellites in view and Nis the number of elements in the beam-forming antenna. The literaturedescribes many algorithms that can be used to adapt the weights tocreate beams that point at the individual satellites. These algorithmscan also create nulls to attenuate nearby radio frequency interference.

The victim-specific processing 1110 builds the satellite signature forany given victim location by introducing appropriate time delays andDoppler shifts 1112 into the signals separated by the satellite-specificprocessing 1102. GNSS simulators can be used to provide the appropriatetime delay and Doppler shifts 1112 for the client 126 at a victimlocation such as the location 130. While this process is complicated,suitable (or nearly suitable) simulators exist on the marketplace today.

The victim-specific processing 1110 predicts the pseudo-range delays andDoppler shifts that should exist at the victim location such as thelocation 130. The predicted pseudo-range delays are used to time shiftthe signals that have been captured by the satellite-specific processor1102. The predicted Doppler shifts are used to frequency shift thesignals that have been captured by the satellite specific processor1102. After shifting, the satellite signals are attenuated to emulatethe victim environment. Perhaps, multipath is added if the victimlocation 130 is downtown or indoors. After the individual satellitesignals are built they are added together with random noise and sampledto create the counterfeit signal signature 1114.

FIG. 12 is an illustration of an exemplary functional block diagram 1200of the simulation system for an offshore signature counterfeiting attackshown in FIG. 10 showing how the offshore signature counterfeitingattack is defeated using LEO signals according to an embodiment of thedisclosure.

The offshore attack is complicated, but it is feasible. It may even becost effective if one attack location can attack many victim locations.Fortunately, the system 100 described herein mitigates the feasibilityof the offshore attack. System 100 countermeasure the offshore attackbased on the LEO satellite 110. As described above, the LEO footprint700 is approximately 4000 km in diameter. However, it is broken intomany small ground antenna beam footprints 702 or the antenna beamfootprints 702 as shown in FIG. 7. These individual small ground antennabeam footprints 702 (antenna beams 702) are typically about 100 kmacross and pass overhead in, for example, about 100 to 200 seconds.System 100 broadcasts a unique code 602 for each beam. In fact, it mayonly broadcast a unique code 602 in response to the client 126 requestfor authentication. Thus, the offshore attacker must be within 100 km ofthe victim location such as the location 130. FIG. 12 depicts thisconstraint; the attacker located at a location 1202 cannot attack alocation 1204. Even with the signal processing shown in FIG. 11, theattacker simply cannot see the codes broadcast from the beam that coversthe location 1204. Thus, the attacker cannot build the counterfeitsignal signature 1114.

System 100 includes two additional features that make the offshoreattack even more costly. For high value transactions, the authenticationserver 128 can require that a putative such as the client 126 provide anRF signature that contains the codes from two overlapping beams. FIGS. 7and 12 show that beam overlaps 708 are commonplace, but very small inarea; some are only tens of kilometers in diameter. Thus the “offshore”attacker would have to be within tens of kilometers of the victimlocation; it is no longer offshore. A victim location may not lie withinone of the beam overlaps 708 at the time of the proffered transaction.If the value of the transaction is high, the authentication server 128may ask for a second signature at the time of an overlap because theantenna beam footprints 702 from the LEO satellite 110 are movingquickly and the delay would only be tens of seconds as shown in FIG. 8.

FIG. 13 is an illustration of an exemplary functional block diagram 1300of a simulation system for a hybrid attack signature counterfeitingbased on proximate signal capture and offshore processing that can beactivated by a signature counterfeiter.

As shown in FIG. 13, the attacker places the antenna close to the victimlocation. Thus, the attacker is within the same LEO beam as the victim.Moreover, it can even be within the same beam overlap. The attackhardware may consist of a beam steering antenna or a single elementantenna. In either case, the collected signature is backhauled to theattack server over any suitable data link.

The hybrid attack server is more complicated than the offshore attackserver. Both must separate the signals from the different satellites,but the hybrid attacker must spawn a separation process for eachsatellite and victim location. If there are K satellites in view and Vvictims, then the attack server must support KxV processes. Recall thatthe offshore attacker only needed to separate the satellite in view ofthe attack server (K processes). Thus, the system 100 forced the hybridattacker to suffer both two appreciable costs: measurement equipmentproximate to every victim location of interest and a complicatedprocessor with the attendant time delays.

FIG. 14 is an illustration of an exemplary functional block diagram of aspace-based authentication system 1400 (system 1400) according to anembodiment of the disclosure. Some embodiments of the system 1400 maycomprise additional components and elements configured to support knownor conventional operating features that need not be described in detailherein. In the embodiment shown in FIG. 14, the system 1400 can be usedto transmit and receive data according to embodiments of the disclosure.System 1400 may have functions, material, and structures that aresimilar to the embodiments shown in FIGS. 1-8. Therefore commonfeatures, functions, and elements may not be redundantly described here.

The system 1400 generally comprises the client 126 and theauthentication server 128.

The client 126 may comprise a client demodulation module 1450comprising: a down converter 202, and an ADC 206, a client signaturemodule 170, an encryption module 1404, a client processor module 1406(processor module 1406), a client memory module 1408 (memory module1408), and a software configurable radio module 1436 (SCR 1436).

The SCR 1436 may comprise an MEO processor module 1442, a LEO processormodule 1444, and a terrestrial processor module 1446 to demodulate theMEO satellite signal 118, the LEO satellite signal 120 of the clientreceived MEO satellite signal 146 and the coded terrestrial signal 160respectively. The SCR 1436 may manage a contribution of the MEOsatellite signal 118, the LEO satellite signal 120 and the codedterrestrial signal 160 to authentication of a location of the client126.

The client signature set 190 sent from the client 126 to theauthentication server 128 via signature signals 164, 196, 168respectively comprises the RF/IF signature 208. The RF/IF signature 208comprises samples of the client received MEO satellite signals 146, theclient received LEO satellite signals 158, and the client receivedterrestrial signals 162 (radio frequency (RF) or intermediate frequency(IF) signal) captured by the client antenna 198 at the client 126,generating the client signature set 190.

In the embodiment shown in FIG. 14, the client 126 need not track theclient received MEO satellite signals 146, the client received LEOsatellite signals 158, and the client received terrestrial signals 162.As shown in FIG. 14, tracking and bit demodulation are performed by atracking and bit demodulation module 1428 located at the authenticationserver 128. However other arrangements may also be used.

The authentication server 128 may comprise the server antenna 150, aserver demodulation module 1440, an authentication decision module 1424,a tracking and bit demodulation module 1422, the server data module 174,the server client data module 172, a decryption module 1430, a serverprocessor module 1432 (processor module 1432), a server memory module1434 (memory module 1434), and the software configurable radio module1436 (SCR 1436).

The server demodulation module 1440 comprises, a down converter 1412configured to perform conversion from RF to baseband, a band pass filter1414 configured to perform a band pass filtering, an ADC 1416 configuredto perform analog to digital conversion, a code wipe-off 1418 configuredto remove the C/A code, and a carrier wipe-off 1420 configured to removethe in-phase carrier 402.

The tracking and bit demodulation module 1422 may be configured toestimate data bits of the server received signals 148, 156, and 196.

The tracking and bit demodulation module 1428 may be configured toestimate data bits of client received signals 146, 158, and 162.

The server client data module 172 is configured to construct the clientMEO signal signature 164, the client LEO signal signature 166 and theclient terrestrial signal signature 168 to provide the signature set 190as explained above.

The server data module 174 is configured to construct the server MEOsignal signature 176, the server LEO signal signature 178 and the serverterrestrial signal signature 180 to provide a server signature set 192.

The client signature set 190 and the server signature set 192 arecompared by the authentication decision module 1424 to generate theauthentication message 124.

Encryption module 1404 and decryption module 1430 are used to furtherstrengthen authentication performance. A client-unique key (or devicesignature) is concatenated with the GNSS signature set from the client126. The client-unique key may be based on, for example but withoutlimitation, cryptographic symmetric cryptography (e.g., AES), asymmetriccryptography (e.g., public-private cryptography), physically unclonablefunctions (PUFs), or other cryptography. The client-unique key is usedto modify the client signature set 190 in such a way that positionverification at the authentication server 128 is generally onlysuccessful if the server's copy of the client-unique key matches oneused to create the server signature set.

A satellite signature can be considered as a plaintext for a deviceencryption. The satellite signature may also contain an underlyingclient position velocity time (PVT) information that will also beverified by correlating the satellite signature captured by the client126 with corresponding data at a satellite reference receiver. Thus, aconcatenated security system is generated.

Processor modules 1406/1432 may be implemented, or realized, with ageneral purpose processor, a content addressable memory, a digitalsignal processor, an application specific integrated circuit, a fieldprogrammable gate array, any suitable programmable logic device,discrete gate or transistor logic, discrete hardware components, or anycombination thereof, designed to perform the functions described herein.In this manner, a processor may be realized as a microprocessor, acontroller, a microcontroller, a state machine, or the like.

A processor may also be implemented as a combination of computingdevices, e.g., a combination of a digital signal processor and amicroprocessor, a plurality of microprocessors, one or moremicroprocessors in conjunction with a digital signal processor core, orany other such configuration. In practice, processor modules 1406/1432comprise processing logic that is configured to carry out the functions,techniques, and processing tasks associated with the operation of thesystem 1400.

In particular, the processing logic is configured to support theauthentication method described herein. For example, the processormodules 1406/1432 may each comprise a software configurable radio module1436 (SCR 1436) operable to select parameters for demodulating signalsbased on various satellite and terrestrial communication protocols. Forexample, the SCR 1436 may comprise an MEO processor module 1442, an LEOprocessor module 1444, and a terrestrial processor module 1446 todemodulate the MEO satellite signal 118, LEO satellite signal 120 of theclient received MEO satellite signal 146 and the coded terrestrialsignal 160 respectively.

For another example, the client processor module 1406 may be suitablyconfigured to send the client signature set 190 from the client 126 tothe authentication server 128 via an antenna (not shown). For anotherexample, the server processor module 1432 may be suitably configured tosend the authentication message 124 to another server or to the client126 via an antenna (not shown). Furthermore, the steps of a method oralgorithm described in connection with the embodiments disclosed hereinmay be embodied directly in hardware, in firmware, in a software moduleexecuted by processor modules 1406/1432, or in any combination thereof.

The memory modules 1408/1434, may be realized as a non-volatile storagedevice (non-volatile semiconductor memory, hard disk device, opticaldisk device, and the like), a random access storage device (for example,SRAM, DRAM), or any other form of storage medium known in the art. Thememory module 1408/1434 may be coupled to the processor modules1406/1432 respectively such that the processor modules 1406/1432 canread information from, and write information to memory modules1408/1434.

As an example, the processor module 1406 and memory module 1408, theprocessor module 1432 and the memory module 1434 may reside in theirrespective ASICs. The memory modules 1408/1434 may also be integratedinto the processor modules 1406/1432 respectively. In an embodiment, thememory module 1408/1434 may include a cache memory for storing temporaryvariables or other intermediate information during execution ofinstructions to be executed by processor modules 1406/1432. The memorymodules 1408/1434 may also include non-volatile memory for storinginstructions to be executed by the processor modules 1406/1432.

For example, the memory modules 1408/1434 may include a locationdatabase (not shown) for storing the location signatures 190/192, andother data in accordance with an embodiment of the disclosure. Foranother example, the client memory module 1408 may store the replica ofthe digital client received signals 222 at the client 126. Those skilledin the art will understand that the various illustrative blocks,modules, circuits, and processing logic described in connection with theembodiments disclosed herein may be implemented in hardware,computer-readable software, firmware, or any combination thereof. Toclearly illustrate this interchangeability and compatibility ofhardware, firmware, and software, various illustrative components,blocks, modules, circuits, and steps are described generally in terms oftheir functionality.

In some embodiments, system 1400 may comprise any number of processormodules, any number of memory modules, any number of transmittermodules, and any number of receiver modules suitable for their operationdescribed herein. The illustrated system 1400 depicts a simpleembodiment for ease of description. These and other elements of thesystem 1400 are interconnected together, allowing communication betweenthe various elements of system 1400. In one embodiment, these and otherelements of the system 1400 may be interconnected together via a datacommunication bus (not shown).

The transmitter module and the receiver module may be located in eachprocessor module 1406/1432 coupled to their respective shared antenna(not shown). Although in a simple module only one shared antenna isrequired, more sophisticated modules may be provided with multipleand/or more complex antenna configurations. Additionally, although notshown in this FIG. 14, those skilled in the art will recognize that atransmitter may transmit to more than one receiver, and that multipletransmitters may transmit to the same receiver.

Whether such functionality is implemented as hardware, firmware, orsoftware depends upon the particular application and design constraintsimposed on the overall system. Those familiar with the conceptsdescribed herein may implement such functionality in a suitable mannerfor each particular application, but such implementation decisionsshould not be interpreted as causing a departure from the scope of thepresent invention.

FIG. 15 is an illustration of an exemplary flow chart showing alocation-based authentication process 1500 according to an embodiment ofthe disclosure. The various tasks performed in connection with theprocess 1500 may be performed by software, hardware, firmware, acomputer-readable medium having computer executable instructions forperforming the process method, or any combination thereof. The process1500 may be recorded in a computer-readable medium such as asemiconductor memory, a magnetic disk, an optical disk, and the like,and can be accessed and executed, for example, by a computer CPU such asthe processor modules 1406/1432 in which the computer-readable medium isstored.

It should be appreciated that process 1500 may include any number ofadditional or alternative tasks, the tasks shown in FIG. 15 need not beperformed in the illustrated order, and process 1500 may be incorporatedinto a more comprehensive procedure or process having additionalfunctionality not described in detail herein. In some embodiments,portions of the process 1500 may be performed by different elements ofthe systems 100 and 1400 such as: the client 126, the authenticationserver 128, etc. Process 1500 may have functions, material, andstructures that are similar to the embodiments shown in FIGS. 1-12.Therefore common features, functions, and elements may not beredundantly described here.

Process 1500 may begin by receiving at least one client received MEOsatellite signal at a client device from at least one MEO satellite(task 1502). The at least one MEO satellite may comprise, for examplebut without limitation, a Global Navigation Satellite System (GNSS)satellite, a Global Positioning System (GPS™) satellite, a GlobalnayaNavigatsionnaya Sputnikovaya Sistema (GLONASS™) satellite, a BeiDouNavigation System (COMPASS™) satellite, a Galileo™ satellite, or othersatellite that can be used to support positioning, navigation, or timingrelated applications.

Process 1500 may then continue by receiving at least one client receivedLEO satellite signal at the client device from at least one LEOsatellite (task 1504).

Process 1500 may then continue by constructing a client MEO signalsignature comprising samples over an MEO signature time period of the atleast one client received MEO satellite signal (task 1506).

Process 1500 may then continue by constructing a client LEO signalsignature comprising samples over an LEO signature time period of the atleast one client received LEO satellite signal (task 1508).

Process 1500 may then continue by receiving the at least one MEOsatellite signal at a server device to provide at least one serverreceived MEO satellite signal (task 1510).

Process 1500 may then continue by constructing a replica of the at leastone LEO satellite signal at the server device to provide at least oneserver LEO satellite signal (task 1512).

Process 1500 may continue by receiving the client MEO signal signaturecomprising samples over the MEO signature time period of the at leastone client received MEO satellite signal received from the at least oneMEO satellite (task 1514).

Process 1500 may then continue by constructing a server MEO signalsignature comprising samples over the MEO signature time period of theat least one server received MEO satellite signal received from the atleast one MEO satellite (task 1516).

Process 1500 may then continue by comparing the client MEO signalsignature and the server MEO signal signature to provide an MEOcomparison result (task 1518).

Process 1500 may then continue by receiving the client LEO signalsignature comprising the samples over an LEO signature time period ofthe at least one client received LEO satellite signal received from theat least one LEO satellite (task 1520).

Process 1500 may then continue by constructing a server LEO signalsignature comprising the samples over the LEO signature time period ofthe at least one server LEO satellite signal of the at least one LEOsatellite (task 1522).

Process 1500 may then continue by comparing the client LEO signalsignature and the server LEO signal signature to provide an LEOcomparison result (task 1524).

Process 1500 may then continue by authenticating that the client deviceis at a location based on the MEO comparison result and the LEOcomparison result (task 1526).

Process 1500 may then continue by determining the MEO comparison resultand the LEO comparison result at a server device, and authenticating thelocation of the client device at a host device (task 1528).

Process 1500 may then continue by receiving the client LEO signalsignature comprising the samples over the LEO signature time period oftwo client received LEO satellite signals received from two LEOsatellites (task 1530).

Process 1500 may then continue by constructing the server LEO signalsignature comprising the samples over the LEO signature time period ofthe two server LEO satellite signals of the two LEO satellites (task1532).

Process 1500 may then continue by receiving a client terrestrial signalsignature comprising samples over a terrestrial time period of at leastone client received terrestrial signal received from at least oneterrestrial source (task 1534).

Process 1500 may then continue by transmitting the client MEO signalsignature, the client LEO signal signature, and the terrestrial signalsignature to a server device (task 1536).

Process 1500 may then continue by constructing a replica of the at leastone client received terrestrial signal at the server device to provide aserver terrestrial signal signature (task 1538).

Process 1500 may then continue by comparing the client terrestrialsignal signature and the server terrestrial signal signature to providea terrestrial comparison result (task 1540).

Process 1500 may then continue by authenticating the location of theclient device based on the MEO comparison result, the LEO comparisonresult, and the terrestrial comparison result (task 1542).

FIG. 16 is an illustration of an exemplary flow chart showing a clientlocation-based authentication process 1600 according to an embodiment ofthe disclosure. The various tasks performed in connection with theprocess 1600 may be performed by software, hardware, firmware, acomputer-readable medium having computer executable instructions forperforming the process method, or any combination thereof. The process1600 may be recorded in a computer-readable medium such as asemiconductor memory, a magnetic disk, an optical disk, and the like,and can be accessed and executed, for example, by a computer CPU such asthe processor modules 1406/1432 in which the computer-readable medium isstored.

It should be appreciated that process 1600 may include any number ofadditional or alternative tasks, the tasks shown in FIG. 16 need not beperformed in the illustrated order, and process 1600 may be incorporatedinto a more comprehensive procedure or process having additionalfunctionality not described in detail herein. In some embodiments,portions of the process 1600 may be performed by different elements ofthe systems 100, 600, and 1400 such as: the client 126, theauthentication server 128, etc. Process 1600 may have functions,material, and structures that are similar to the embodiments shown inFIGS. 1, 6, and 12. Therefore common features, functions, and elementsmay not be redundantly described here.

Process 1600 may begin by receiving at least one client received MEOsatellite signal at a client device from at least one MEO satellite(task 1602). The at least one MEO satellite may comprise, for examplebut without limitation, a Global Navigation Satellite System (GNSS)satellite, a Global Positioning System (GPS™) satellite, a GlobalnayaNavigatsionnaya Sputnikovaya Sistema (GLONASS™) satellite, a BeiDouNavigation System (COMPASS™) satellite, a Galileo™ satellite, or othersatellite that can be used to support positioning, navigation, or timingrelated applications.

Process 1600 may then continue by receiving at least one client receivedLEO satellite signal at the client device from at least one LEOsatellite (task 1604).

Process 1600 may then continue by constructing a client MEO signalsignature comprising samples over an MEO signature time period of the atleast one client received MEO satellite signal (task 1606).

Process 1600 may then continue by constructing a client LEO signalsignature comprising samples over an LEO signature time period of the atleast one client received LEO satellite signal (task 1608).

Process 1600 may then continue by transmitting the client MEO signalsignature and the client LEO signal signature to a server forauthentication of a location of the client device (task 1610).

Process 1600 may then continue by constructing the client LEO signalsignature comprising samples over samples over the LEO signature timeperiod of two client received LEO satellite signals received from twoLEO satellites (task 1612).

Process 1600 may then continue by receiving a client terrestrial signalsignature comprising samples over a client terrestrial time period of atleast one client received terrestrial signal received from at least oneterrestrial source (task 1614).

Process 1600 may then continue by transmitting the client MEO signalsignature, the client LEO signal signature, and the terrestrial signalsignature to a server for authentication of the location of the clientdevice (task 1616).

In this manner, embodiments of the disclosure provide protection againstspoofing and counterfeiting such as proximate and offshore attacks, andstrong coverage in urban and indoor environments where satellitessignals are frequently blocked. Embodiments of the disclosure provide anauthentication system that allows adequate received signal strength fora navigation satellite signal to be received at a client device locatedin a low signal-to-noise-ratio (SNR) environment such as indoors anddowntown.

While at least one example embodiment has been presented in theforegoing detailed description, it should be appreciated that a vastnumber of variations exist. It should also be appreciated that theexample embodiment or embodiments described herein are not intended tolimit the scope, applicability, or configuration of the subject matterin any way. Rather, the foregoing detailed description will providethose skilled in the art with a convenient road map for implementing thedescribed embodiment or embodiments. It should be understood thatvarious changes can be made in the function and arrangement of elementswithout departing from the scope defined by the claims, which includesknown equivalents and foreseeable equivalents at the time of filing thispatent application.

In this document, the term “module” as used herein, refers to software,firmware, hardware, and any combination of these elements for performingthe associated functions described herein. Additionally, for purpose ofdiscussion, the various modules are described as discrete modules;however, as would be apparent one of skilled in the art, two or moremodules may be combined to form a single module that performs theassociated functions according the embodiments of the presentdisclosure.

In this document, the terms “computer program product”,“computer-readable medium”, and the like may be used generally to referto media such as, for example, memory, storage devices, or storage unit.These and other forms of computer-readable media may be involved instoring one or more instructions for use by the processor modules1406/1432 to cause the processor modules 1406/1432 to perform specifiedoperations. Such instructions, generally referred to as “computerprogram code” or “program code” (which may be grouped in the form ofcomputer programs or other groupings), when executed, enable a method ofusing the systems 100, 600 and 1400.

The above description refers to elements or nodes or features being“connected” or “coupled” together. As used herein, unless expresslystated otherwise, “connected” means that one element/node/feature isdirectly joined to (or directly communicates with) anotherelement/node/feature, and not necessarily mechanically. Likewise, unlessexpressly stated otherwise, “coupled” means that oneelement/node/feature is directly or indirectly joined to (or directly orindirectly communicates with) another element/node/feature, and notnecessarily mechanically. Thus, although FIGS. 1-12 depict examplearrangements of elements, additional intervening elements, devices,features, or components may be present in an embodiment of thedisclosure.

Terms and phrases used in this document, and variations thereof, unlessotherwise expressly stated, should be construed as open ended as opposedto limiting. As examples of the foregoing: the term “including” shouldbe read as mean “including, without limitation” or the like; the term“example” is used to provide exemplary instances of the item indiscussion, not an exhaustive or limiting list thereof; and adjectivessuch as “conventional,” “traditional,” “normal,” “standard,” “known” andterms of similar meaning should not be construed as limiting the itemdescribed to a given time period or to an item available as of a giventime, but instead should be read to encompass conventional, traditional,normal, or standard technologies that may be available or known now orat any time in the future.

Likewise, a group of items linked with the conjunction “and” should notbe read as requiring that each and every one of those items be presentin the grouping, but rather should be read as “and/or” unless expresslystated otherwise. Similarly, a group of items linked with theconjunction “or” should not be read as requiring mutual exclusivityamong that group, but rather should also be read as “and/or” unlessexpressly stated otherwise.

Furthermore, although items, elements or components of the disclosuremay be described or claimed in the singular, the plural is contemplatedto be within the scope thereof unless limitation to the singular isexplicitly stated. The presence of broadening words and phrases such as“one or more,” “at least,” “but not limited to” or other like phrases insome instances shall not be read to mean that the narrower case isintended or required in instances where such broadening phrases may beabsent. The term “about” when referring to a numerical value or range isintended to encompass values resulting from experimental error that canoccur when taking measurements.

As used herein, unless expressly stated otherwise, “operable” means ableto be used, fit or ready for use or service, usable for a specificpurpose, and capable of performing a recited or desired functiondescribed herein. In relation to systems and devices, the term“operable” means the system and/or the device is fully functional andcalibrated, comprises elements for, and meets applicable operabilityrequirements to perform a recited function when activated. In relationto systems and circuits, the term “operable” means the system and/or thecircuit is fully functional and calibrated, comprises logic for, andmeets applicable operability requirements to perform a recited functionwhen activated.

The invention claimed is:
 1. A method for location-based authenticationusing medium earth orbit (MEO) and low earth orbit (LEO) satellites, themethod comprising: receiving at a server a client MEO signal signaturecomprising samples over an MEO signature time period of at least oneclient received MEO satellite signal received at a client device from atleast one MEO satellite footprint of at least one MEO satellite;constructing a server MEO signal signature comprising samples over theMEO signature time period of at least one server received MEO satellitesignal received from the at least one MEO satellite; comparing theclient MEO signal signature and the server MEO signal signature toprovide an MEO comparison result; receiving at the server a client LEOsignal signature comprising samples over an LEO signature time period ofat least one client received LEO satellite signal received at the clientdevice from at least one LEO satellite footprint of at least one LEOsatellite; constructing a server LEO signal signature comprising samplesover the LEO signature time period of at least one server LEO satellitesignal of the at least one LEO satellite; comparing the client LEOsignal signature and the server LEO signal signature to provide an LEOcomparison result; and authenticating that the client device is at anasserted location based on the MEO comparison result and the LEOcomparison result to authenticate the asserted location of the clientdevice.
 2. The method of claim 1, further comprising: determining theMEO comparison result and the LEO comparison result at a server device;and authenticating the location of the client device at a host device.3. The method of claim 1, further comprising: receiving the at least oneserver received MEO satellite signal at a server device from the atleast one MEO satellite; and constructing a replica of the at least oneclient received LEO satellite signal at the server device to provide theat least one server LEO satellite signal.
 4. The method of claim 1,further comprising: receiving the at least one client received MEOsatellite signal at the client device from the at least one MEOsatellite; and receiving the at least one client received LEO satellitesignal at the client device from the at least one LEO satellite.
 5. Themethod of claim 1, further comprising: constructing the client MEOsignal signature comprising the samples over the MEO signature timeperiod of the at least one client received MEO satellite signal; andconstructing the client LEO signal signature comprising the samples overthe LEO signature time period of the at least one client received LEOsatellite signal.
 6. The method of claim 1, further comprising:receiving the client LEO signal signature comprising the samples overthe LEO signature time period of two client received LEO satellitesignals received from two LEO satellites; and constructing the serverLEO signal signature comprising the samples over the LEO signature timeperiod of two server LEO satellite signals received from the two LEOsatellites.
 7. The method of claim 1, further comprising: receiving aclient terrestrial signal signature comprising samples over aterrestrial time period of at least one client received terrestrialsignal received from at least one terrestrial source; constructing areplica of at least one client received terrestrial signal at a serverdevice to provide a server terrestrial signal signature; and comparingthe client terrestrial signal signature and the server terrestrialsignal signature to provide a terrestrial comparison result.
 8. Themethod of claim 7, further comprising authenticating the assertedlocation of the client device based on the MEO comparison result, theLEO comparison result, and the terrestrial comparison result.
 9. Themethod of claim 7, further comprising transmitting the client MEO signalsignature, the client LEO signal signature, and the terrestrial signalsignature to the server.
 10. A location-based authentication systemusing medium earth orbit (MEO) and low earth orbit (LEO) satellites, thesystem comprising: an authentication module operable to authenticatethat a client device is at an asserted location based on at least oneclient received MEO satellite signal received from at least one MEOsatellite footprint of at least one MEO satellite at the client deviceand at least one client received LEO satellite signal received from atleast one LEO satellite footprint of at least one LEO satellite at theclient device; a server client data module operable to: receive a clientMEO signal signature comprising samples over an MEO signature timeperiod of at least one client received MEO satellite signal receivedfrom at least one MEO satellite; and receive a client LEO signalsignature comprising samples over an LEO signature time period of atleast one client received LEO satellite signal received from at leastone LEO satellite; a server data module operable to: construct a serverMEO signal signature comprising samples over the MEO signature timeperiod of at least one server received MEO satellite signal receivedfrom the at least one MEO satellite; and construct a server LEO signalsignature comprising samples over the LEO signature time period of atleast one server LEO satellite signal of the at least one LEO satellite;and a comparison module operable to: compare the client MEO signalsignature and the server MEO signal signature to provide an MEOcomparison result; and compare the client LEO signal signature and theserver LEO signal signature to provide an LEO comparison result.
 11. Thesystem of claim 10, wherein: a server device comprises the comparisonmodule; and a host device comprises the authentication module.
 12. Thesystem of claim 10, wherein the authentication module is furtheroperable to authenticate the location of the client device based on theMEO comparison result and the LEO comparison result.
 13. The system ofclaim 12, wherein: the client data module is further operable to receivea client terrestrial signal signature comprising a client terrestrialtime window of at least one client received terrestrial signal receivedfrom at least one terrestrial source; the server data module is furtheroperable to construct a server terrestrial signal signature comprising aserver terrestrial time window of at least one server receivedterrestrial signal received from the at least one terrestrial source;the comparison module is further operable to compare the clientterrestrial signal signature and the server terrestrial signal signatureto provide a terrestrial comparison result; and the authenticationmodule is further operable to authenticate the asserted location of theclient device based on the MEO comparison result, the LEO comparisonresult, and the terrestrial comparison result.
 14. The system of claim10, further comprising a client signature module configured to:construct the client MEO signal signature comprising samples over theMEO signature time period of at least one client received MEO satellitesignal; and construct the client LEO signal signature comprising samplesover the LEO signature time period of at least one client received LEOsatellite signal.
 15. The system of claim 10, wherein: the at least oneclient received LEO satellite signal comprises two client received LEOsatellite signals received from two LEO satellites; and the at least oneserver LEO satellite signal comprises two server LEO satellite signalsof the two LEO satellites.
 16. A non-transitory computer readablestorage medium comprising computer-executable instructions for clientlocation-based authentication, the computer-executable instructionscomprising: receiving at least one client received MEO satellite signalat a client device from at least one MEO satellite footprint of at leastone MEO satellite; receiving at least one client received LEO satellitesignal at the client device from at least one LEO satellite footprint ofat least one LEO satellite; constructing a client MEO signal signaturecomprising samples over an MEO signature time period of the at least oneclient received MEO satellite signal; constructing a client LEO signalsignature comprising samples over an LEO signature time period of the atleast one client received LEO satellite signal; and transmitting theclient MEO signal signature and the client LEO signal signature to aserver for authentication of an asserted location of the client device.17. The non-transitory computer readable storage medium of claim 16,further comprising computer-executable instructions comprisingconstructing the client LEO signal signature comprising samples over theLEO signature time period of two client received LEO satellite signalsreceived from two LEO satellites.
 18. The non-transitory computerreadable storage medium of claim 16, further comprisingcomputer-executable instructions comprising receiving a clientterrestrial signal signature comprising samples over a terrestrialsignature time period of at least one client received terrestrial signalreceived from at least one terrestrial source.
 19. The non-transitorycomputer readable storage medium of claim 18, further comprisingcomputer-executable instructions comprising transmitting the client MEOsignal signature, the client LEO signal signature, and the terrestrialsignal signature to the server for authentication of the assertedlocation of the client device.